General
Target: Purchase Order.zip
Size: 461KB
Sample: 211017-nbxc4aceg6
MD5: 48715eb772287d084aafc8068902d20d
SHA1: def5d1d0b0881e4de6f360e97eebc6f3289a8378
SHA256: 22c9f28b933a171961eeedbd66bbf3951e94ea12943c366a440addf8cb737e94
SHA512: cc3ecb688a7f2902266cc18b160077f9ecc6b4c0c747fcecd9657afe976deac87519c8df9384dd013326542bc16cf2a30e202d22f9e051f50ccb253cf712458f
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Purchase Order.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ananthasuites.com
Port: 587
Username: [email protected]
Password: Anantha225@#
Targets
Target: Purchase Order.exe
Size: 735KB
MD5: f8c04a79425fbd0bde8ee6dd132d655b
SHA1: b10826eb64f5d2469df8f776df34405cee0d1d05
SHA256: 6459b80dbdfbf19a21456659f618c0e22693b4d2389e5cfbba864e5d2b85eb1a
SHA512: 3e02e41db2e64c12360972886ed83838c45d702f68d1bc07a47e613d1c8392d13ba393eb6cecbe18a7d4991229b7f6e89525d61bdb0dd77815422956b4c3d92d
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext